Understanding and identifying common services that may be disabled or
locked down to thwart unauthorized access

Recognizing when an attack is happening and taking proper steps to end
it

Learning to identify which types of attacks you might be subject to and
how to implement proper security to protect your environment

Recognizing malicious code and knowing how to respond
appropriately

Understanding how easy social engineering has become

Learning the concepts of proper auditing

The challenge of working in a mixed operating system environment becomes a
factor when trying to secure your resources. It has become very common for
servers to be subject to a myriad of attacks through services, protocols, and
open ports.

The Security+ exam requires that you understand that eliminating nonessential
services can thwart many would-be attackers and that you understand the
different types of attacks that can happen.

It is an IT professional's responsibility to be sure that the network is
secure and safe from attacks. This is an enormous undertaking. Most servers come
with a wide range of services and protocols, many of which are turned on by
default. The first step in securing your environment is to formulate a plan. The
plan should include the following:

The role of each server along with its current configuration

The services, protocols, and applications required to meet the business
needs

Any configuration changes that should be made to the existing servers,
such as additions and the removal of nonessential server services that
don't meet business needs

Overlooking the planning phase can spell disaster. Many times though, this
phase is skipped because the server has to be put in place right away or its
original role has been changed without any reconfiguration. The technology world
is changing constantly, and your network needs to change along with it to
accommodate new ways of doing business while protecting yourself from new
vulnerabilities. It is dangerous to sit down at a server and try to configure it
without a plan. Each operating system has its own set of protocols, scripting
languages, and tools. You could not possibly cover all bases efficiently and
effectively without proper planning. Your plan should also be reevaluated on a
regular basis. What is a viable solution now might not work in the future.

Establishing a Server Role

Identifying the role that each server plays makes it much easier to
determine which services and protocols that server actually needs. Common roles
for servers include the following:

Logon serverThese servers authenticate users when they log
on to their workstations. These servers can also function as other types of
servers.

Network services serverThese servers host services that are
required for the network to function as per the configuration. These include
Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), Windows
Internet Name Service (WINS), and Simple Network Management Protocol
(SNMP).

Application serverUsed for hosting applications such as
custom accounting packages and office suites.

File serverUsed for access to common user files and home
directories.

FTP serverUsed to store files that are downloaded or
uploaded. These can be internal as well as external.

Email serverUsed for email but can also be used to host
public folders and groupware applications.

News/Usenet (NNTP) serverUsed as a newsgroup server where
users can post and retrieve messages in a common location.

It should also be determined whether the server will be accessed from the
internal network, from the external world, or both. This helps identify the
services and protocols you need on your server. In the following sections, we
discuss how to determine which protocols and services you need on your server as
well as the benefits of removing unnecessary protocols and services.

Required and Critical Services

Every operating system requires different services for it to operate
properly. Ideally, the configuration process should start with installing only
the services necessary for the server to function. The manufacturer should have
these services listed in the documentation. If not, a wealth of information on
hardening servers can be found in books and on the Web. Using documentation to
standardize the methods used to set up servers will make new deployments easier
and more secure.

The best way to ensure that only necessary services are running is to do a
clean install. When a computer system is shipped to you, there is usually
additional software, such as the manufacturer's tools, or additional
configuration changes that have been made. The only way to be sure the machine
meets the specifications of the plan is to perform a clean installation using
predetermined checklists or policies. This task is very time consuming but in
the long run is worth it. An additional benefit is that it ensures you have all
the software and skills required to rebuild the server should this ever need to
be done. Taking the time to do it right the first time saves you many headaches
down the road.

Determining Required Protocols

Some administrators install unnecessary protocols because they either
misunderstand the protocols' function or think they may need them later.
Protocols, like services, should not be installed unless required. When looking
at your network environment, the following should be determined:

Whether the protocol(s) is required for desktop-toserver
communication

Whether the protocol(s) is required for server-to-server
communication

Whether the protocol(s) is required for remote accessto-server
communication

Whether the protocol(s) chosen requires additional services

Whether there are any known security issues associated with the
protocol(s) chosen

Many networks consist of a mixed Windows and Unix operating system
environment. Hypothetically, you have decided to use TCP/IP as the
communications protocol. Next, you need to determine whether to implement TCP/IP
statically or dynamically through DHCP.

If you decide that TCP/IP is to be deployed dynamically, you need an
additional service (DHCP). DHCP eases administration, but it also lowers the bar
for an unknown device: anyone who plugs into an open port, or associates with an
unsecured wireless network from the parking lot, is handed a valid address,
default gateway, and DNS server and can immediately talk to the rest of the
network. Keep in mind that DHCP is not the access control itself; an attacker who
reaches the wire can configure a static address just as easily. The real
controls sit at the switch port and the access point (port security, 802.1X,
wireless encryption); DHCP merely makes an unauthenticated foothold more
convenient.

Any TCP/IP network beyond a handful of hosts also needs a DNS server for
name resolution, so that is another service to deploy and secure. In the
hypothetical network, both Unix and Windows operating systems are running, and
depending on whether Windows NT 4.0 or Windows 2000 is used, WINS may be needed
alongside DNS for NetBIOS name resolution.

You must consider the implications in security planning. Weighing the factors
helps you make wise choices in deploying services and protocols. The risks
associated with running each choice of service and protocol should be researched
and documented. It would be great to eliminate the associated risks altogether,
but this is virtually impossible in today's world. However, being able to
come up with possible solutions to reduce the risks associated with each service
and protocol is a step in the right direction.

Benefits of Removing Protocols and Services

A server deployed straight out of the box may have services installed that
pose security risks. An unconfigured server is a server waiting to be
compromised, so you need to determine which services can be uninstalled or
disabled. It is not wise to run services that are not going to be used: a
service that is installed but never configured, patched, or monitored is exactly
the one someone else can use to harm the network. This can happen from inside
the network as well as from outside; disgruntled or merely curious employees
account for a large share of the damage, not only outside attackers.
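The two ideas above, that a server's role determines which services it needs and that everything else should be disabled, can be turned into a repeatable check. The following is an added example (my code, not from the book) that parses `ss -tulnp` output from a Linux host, compares each listening socket against an allowlist for the server's role, and flags listeners the role does not justify, plus internal-only services on a server that faces the outside. The role baselines, the `INTERNAL_ONLY` set, and the sample `ss` output are constructed for illustration; real baselines come from the deployment plan described earlier.

```python
"""Audit a server's listening services against a per-role allowlist.

Added example, not from the original text. Assumptions (mine): the host's
listeners are available as `ss -tulnp` output, and the role baselines below
are illustrative rather than a vendor hardening guide.
"""
import re
from dataclasses import dataclass

# Illustrative per-role allowlists of (protocol, port) a server of that role
# legitimately listens on. Hypothetical values for the example.
ROLE_BASELINES = {
    "file": {("tcp", 22), ("tcp", 445), ("tcp", 2049), ("udp", 2049)},
    "dns": {("tcp", 22), ("tcp", 53), ("udp", 53)},
    "web": {("tcp", 22), ("tcp", 80), ("tcp", 443)},
}

# Services that should never be reachable from outside, whatever the role
# (SMB, NFS, SNMP). Illustrative set for the example.
INTERNAL_ONLY = {("tcp", 445), ("tcp", 2049), ("udp", 2049), ("udp", 161)}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int
    process: str  # "" when ss could not attribute the socket (e.g. kernel NFS)


# One data line of `ss -tulnp`: netid, state, recv-q, send-q, local addr:port,
# peer addr:port, then an optional users:(("name",pid=...,fd=...)) column.
_SS_LINE = re.compile(
    r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+(?:\s+(.*))?$"
)
_PROC = re.compile(r'users:\(\("([^"]+)"')


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tulnp` output into Listener records; the header is skipped."""
    listeners = []
    for line in output.splitlines():
        m = _SS_LINE.match(line.strip())
        if not m:
            continue
        proto, addr, port, rest = m.groups()
        pm = _PROC.search(rest or "")
        listeners.append(Listener(proto, addr, int(port), pm.group(1) if pm else ""))
    return listeners


def audit(listeners: list[Listener], role: str,
          externally_reachable: bool) -> list[tuple[Listener, str]]:
    """Return (listener, reason) pairs for sockets the role does not justify."""
    baseline = ROLE_BASELINES[role]
    findings = []
    for lst in listeners:
        key = (lst.proto, lst.port)
        if key not in baseline:
            findings.append((lst, f"not required for role '{role}': "
                                  "disable it, or document the business need"))
        elif externally_reachable and key in INTERNAL_ONLY:
            findings.append((lst, "internal-only service on an externally "
                                  "reachable server: firewall it or move it"))
    return findings


def report(findings: list[tuple[Listener, str]]) -> list[str]:
    """Render findings as one line each, e.g. 'udp/161 (snmpd): not required...'."""
    return [f"{l.proto}/{l.port} ({l.process or 'unknown process'}): {why}"
            for l, why in findings]


# Constructed sample output of `ss -tulnp` from a hypothetical file server
# that also has SNMP and FTP listening, and NFS sockets with no process name.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*     users:(("snmpd",pid=812,fd=6))
udp   UNCONN 0      0            0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*     users:(("sshd",pid=701,fd=3))
tcp   LISTEN 0      5            0.0.0.0:21         0.0.0.0:*     users:(("vsftpd",pid=1022,fd=3))
tcp   LISTEN 0      50           0.0.0.0:445        0.0.0.0:*     users:(("smbd",pid=905,fd=31))
tcp   LISTEN 0      64           0.0.0.0:2049       0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*     users:(("sshd",pid=701,fd=4))
"""

if __name__ == "__main__":
    found = parse_ss(SAMPLE_SS)
    print("Internal file server:")
    print("\n".join(report(audit(found, "file", externally_reachable=False))))
    print("\nSame host if reachable from the Internet:")
    print("\n".join(report(audit(found, "file", externally_reachable=True))))
```

On the sample, an internal file server gets two findings (SNMP on udp/161 and FTP on tcp/21); the same host marked as externally reachable additionally has SMB and both NFS sockets flagged. On Windows the same comparison can be fed from `netstat -ano` or `Get-NetTCPConnection -State Listen` instead of `ss`; only the parser changes. Whatever the source, the point is that the allowlist is written down per role first, and the running host is then checked against it, rather than deciding at the console what looks unnecessary.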

Remember that secure networks require planning time. Companies have a
tendency to want to deploy new technology as fast as they can to take advantage
of what it can do for them. The number of configuration options offered in each
new operating system increases faster than we can imagine. Being able to
identify and implement only the necessary services and protocols required is a
skill that must be learned. This approach helps reduce the attacks that affect
every network.